From 89cc8b9969ee7987f8d027ef4fbae10f0ec44af6 Mon Sep 17 00:00:00 2001
From: Sara
Date: Tue, 11 Apr 2023 08:07:26 +0200
Subject: [PATCH] fixed out of bounds write in load_tilemap

---
 src/tilemap.cc | 4 ++--
 src/tilemap.hpp | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/tilemap.cc b/src/tilemap.cc
index 15a79e1..e51857d 100644
--- a/src/tilemap.cc
+++ b/src/tilemap.cc
@@ -55,8 +55,7 @@ int load_tilemap(const char* file) {
 case ' ':
 case '\n':
 case '\t':
- // ignore
- break;
+ break; // ignore
 case EOF:
 case ',':
 *writer = '\0';
@@ -65,6 +64,7 @@ int load_tilemap(const char* file) {
 } else if(entries == 1) {
 g_tilemap.height = atoi(buf);
 } else {
+ if(entries-2 >= TILEMAP_MAX_SIZE) goto end_while;
 tile->value = (short)atoi(buf);
 ++tile;
 }
diff --git a/src/tilemap.hpp b/src/tilemap.hpp
index 585585e..f361fd0 100644
--- a/src/tilemap.hpp
+++ b/src/tilemap.hpp
@@ -4,7 +4,7 @@
 #include "vector"
 #include "corelib/render.h"
 
-#define TILEMAP_MAX_SIZE 128*128
+#define TILEMAP_MAX_SIZE 16384
 
 typedef struct tile_t {
 short value;
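Review bot: The guard added in the `else` branch of the second `src/tilemap.cc` hunk caps how many tiles are written, but the dimensions parsed from the same file are still stored unchecked: `g_tilemap.height = atoi(buf);` (and presumably the width in the branch just above the hunk) accepts zero, negative, or oversized values. Any later code that walks the tiles by width and height could then index past what was loaded; those readers are not visible here, so this is inferred. Consider validating once the height is known, e.g. `if(g_tilemap.width <= 0 || g_tilemap.height <= 0 || g_tilemap.width > TILEMAP_MAX_SIZE / g_tilemap.height) goto end_while;`, and making the over-limit path report failure through the function's `int` return instead of silently truncating the map. The hunk also does not show whether `writer` is bounded against `buf`; a long token with no comma would be the same class of write and is worth confirming. `load_tilemap` starts and ends outside the hunk.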
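Review bot: The literal `16384` in `src/tilemap.hpp` hides where the limit comes from, so a reader can no longer see that it is a 128 by 128 grid. `#define TILEMAP_MAX_SIZE (128*128)` keeps the derivation and, being parenthesized, expands safely in expressions such as `x / TILEMAP_MAX_SIZE`, which the old unparenthesized form did not. If this constant is the capacity of the tile storage that `load_tilemap` now checks against, a one-line comment saying so (`// capacity of the tile array; load_tilemap rejects writes beyond it`) would tie the bound to its guard.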